GHSA-xpww-g9jx-hp8r: 
Rust vulnerability analysis and mitigation

The sha2 crate version 0.9.7 introduced a critical vulnerability in its AVX2-accelerated backend, which was automatically enabled for x86/x86_64 CPUs with AVX2 support. The vulnerability was discovered and reported on September 8, 2021, and was assigned multiple identifiers including GHSA-xpww-g9jx-hp8r, CVE-2021-45696, and RUSTSEC-2021-0100 (RustSec Advisory, GitHub Advisory).

The vulnerability was specifically located in the AVX2 backend implementation where the bug caused incorrect computation when processing two blocks simultaneously. The issue was found in the load_data_avx2 function where the data loading sequence was incorrectly implemented. The bug only manifested when processing long messages that span multiple SHA blocks, requiring at least 256 bytes of data to trigger the issue (RustCrypto PR).

The vulnerability resulted in miscomputed hash results for long messages that span multiple SHA blocks when using the AVX2-accelerated backend. This affected all users who were running version 0.9.7 of the sha2 crate on systems with AVX2 support, potentially compromising the integrity and security of hash computations (GitHub Advisory).

Users who upgraded to version 0.9.7 were advised to immediately upgrade to version 0.9.8 and recompute any hashes that were previously computed using version 0.9.7. The vulnerable version 0.9.7 was yanked from the registry to prevent new installations (RustSec Advisory).